US6233446B1 - Arrangement for improving security in a communication system supporting user mobility - Google Patents

Arrangement for improving security in a communication system supporting user mobility Download PDF

Info

Publication number
US6233446B1
US6233446B1 US09/413,219 US41321999A US6233446B1 US 6233446 B1 US6233446 B1 US 6233446B1 US 41321999 A US41321999 A US 41321999A US 6233446 B1 US6233446 B1 US 6233446B1
Authority
US
United States
Prior art keywords
user
access control
access
terminal
arrangement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US09/413,219
Inventor
Thanh Van Do
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB filed Critical Telefonaktiebolaget LM Ericsson AB
Assigned to TELEFONAKTIEBOLAGET LM ERICSSON reassignment TELEFONAKTIEBOLAGET LM ERICSSON ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DO, THANH VAN
Application granted granted Critical
Publication of US6233446B1 publication Critical patent/US6233446B1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/04Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/303Terminal profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/52Network services specially adapted for the location of the user terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q3/00Selecting arrangements
    • H04Q3/0016Arrangements providing connection between exchanges
    • H04Q3/0029Provisions for intelligent networking
    • H04Q3/005Personal communication services, e.g. provisions for portability of subscriber numbers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q3/00Selecting arrangements
    • H04Q3/0016Arrangements providing connection between exchanges
    • H04Q3/0062Provisions for network management
    • H04Q3/0095Specification, development or application of network management software, e.g. software re-use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/084Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/03Protocol definition or specification 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04Network layer protocols, e.g. mobile IP [Internet Protocol]

Definitions

  • the present invention relates to an arrangement for improving security in a communications system, especially a telecommunications system, said system comprising distributed hardware and software components which interact in order to provide services to one or more users.
  • the present invention concerns a user access control for distributed systems that support user mobility, i.e. users are allowed to move and use different terminals to access services.
  • the Access control is the procedure used by the telecom system domain to ensure that the user accesses the telecom system domain in accordance with the restrictions specified at subscription [ 1 ]. When mobility is supported, every user will have the possibility to use any terminals at any access points.
  • the access control procedure is also intended to limit the access capability of a user for the protection and privacy of third party.
  • the third party can be the owner of the terminal or the access point, and must have the right to block or deblock, suspend or reset the service delivery at his terminal or access point to a user.
  • terminal owner the third party
  • He must have the rights to restrict the usage of the terminal, e.g. only allowing certain users while others are prohibited from using the terminal.
  • the UPT Universal Personal Telecommunication
  • the UPT (Universal Personal Telecommunication) [ 4 ] system comprises some sort of access control mechanisms but they are limited to telephony services and to voice terminals or telephone.
  • a further object of the present invention is to introduce a generic access control in such distributed systems.
  • the invention also suggests that this type of generic access control is related to personal mobility.
  • FIG. 2 is a schematic diagram illustrating an embodiment of the present invention for carrying out access control, especially in relation to a information object Term_Profile.
  • FIG. 3 is a schematic diagram illustrating an embodiment of a Terminal_Data object.
  • FIG. 4 illustrates a computational model of the access control of a user for use of a terminal.
  • FIG. 5 is a schematic diagram illustrating a user_registration object containing a list of allowed services.
  • FIG. 6 is a schematic diagram illustrating the relation between user domain, terminal domain and telecom system domain as well as an embodiment of access control on the access to the telecom system.
  • FIG. 7 is a block diagram illustrating the relation between user domain, terminal domain and telecom system domain, as well as an embodiment of access control on the axis to the telecom system.
  • FIG. 1 there is illustrated a user which has access to a terminal which in turn is communicating with a telecom system which in turn is offering a plurality of services.
  • PD_UA ProviderDomain_UserAgent representing a user in the telecom system domain.
  • TA TerminalAgent representing a terminal in the telecom system do main
  • NAP representing a Network Access Point
  • TAP representing a Terminal Access Point
  • the information required for to carrying out the access control is contained in the Usage_Restriction component of the object Term_Profile (see FIG. 2) which contains information about the terminal.
  • the attribute All_Barring is used to specify that only the terminal owner can use the terminal.
  • the terminal owner may also prevent a particular user or group of users from using his terminal by specifying the attribute Barring_List or to allow only certain user by specifying an Allowance_List.
  • Modification of the Usage_restriction may be provided as an application where only the owner has the right to make access. The details of such an application and the specific layout of the Usage_Restriction is a matter of implementation and will not be carried further here.
  • the object Terminal_Data which contains information required for the support terminal mobility such as state, NAPid, etc. may be equipped with a table of controlled and cleared users, called ClearedUserTable, as shown in FIG. 3 .
  • the ClearedUserTable contains the references or CIIs (Computational Interface Identifier) of the PD_UAs whose access have been controlled.
  • the TA assumes the Access control Enforcement Function (AEF).
  • AEF Access control Enforcement Function
  • the Access control Decision Function is allocated to an object called ADF.
  • ADF Access control Procedure for use of the terminal is shown in FIG. 4 .
  • the TA will check whether the identifier of the originating or addressed PD_UA is on the ClearedUserTable or not. If it is, TA will do the transfer of OpX If it is not, TA will initiate the access control Procedure.
  • TA invokes Get(Usage_Restriction) on Term_Profile to acquire the access control Decision Information (ADI).
  • ADI access control Decision Information
  • the TA invokes the operation Decision_Request on the ADF object.
  • the arguments of this operation are the ADI obtained from the Term_Profile.
  • the ADF makes the decision and returns the Access_Result to TA.
  • the Access_result may be granted or not_granted. If the Access_Result is not_granted, TA returns an error message to the originator of the operation.
  • TA invokes the operation Update(CleareduserTable,PD_UARef) on Terminal_Data to register the PD_UA of the newly cleared user.
  • One way of removing entries from ClearedUserTable, i.e the identifier (reference) of a PD_UA, is to restart a timer each time that entry is accessed. If the timer times out, the entry is removed. Some entries may be permanent, i.e. they are not associated with a timer.
  • This type of access control is only intended to other users than the terminal owner himself. In fact, the terminal owner should never be prevented to use his terminal.
  • the access to the telecom system domain and the access to the services are different types of access controls which are applicable to all the users including the terminal owner.
  • NoRestr_List containing the PD_UA identifiers of the users who are by default allowed to use the terminal.
  • the identifier of the terminal owner's PD_UA is one of them. This list must not be accessible to anyone but the telecom system domain operator itself, i.e. even not to the terminal owner.
  • the list of allowed services for a user at a terminal is hence equal to or smaller than the list of subscribed services. This list is a column in the User_Registration object in FIG. 5 .
  • the initiator of the access control service is User a .
  • the target is the telecom system domain.
  • the AEF is assumed by the PD_UA a .
  • the ADF is assumed by the object ADF.
  • the access of the user to the telecom system domain may be limited by some parameters such as Roaming_Restriction, Credit_Limit, Time_Restriction, etc. which are contained in the Service_Restriction attribute of the User_Profile object.
  • the Service_Restriction attribute contains also a list of subscribed services. The use of the services in this list may be conditioned by the strength of the method used to authenticate the user, the location of the terminal, the call destination, etc.
  • the Service_Restriction attribute may thus be quite complex.
  • FIG. 6 A computational model of the access control service for access to the telecom system domain is shown in FIG. 6 .
  • the access control procedure is as follows:
  • the PD_UAa object invokes a Get(Service_Restriction) on the User_Profile to acquire the access control Decision Information (ADI).
  • ADI access control Decision Information
  • the PD_UAa object invokes a Get(SecurityData) on the User_Registration object to acquire the contextual information (result from the authentication service).
  • the PD_UA a object invokes the operation Decision_Request on the ADF object.
  • the arguments of this operation are the ADI obtained from User_Profile and the contextual information obtained from User_Registration.
  • the ADF may use the access control services offered by the platform or a security system to obtain further contextual information such as time, system status, etc. and the access control policy rules.
  • the ADF makes the decision and returns the Access_Result to PD_UAa together with SecurityData and AllowedServices.
  • the Access_result may be granted, not_granted or suspended. If the Access_Result is Suspended, depending on the access control Policy the terminal will be, temporarily or permanently no longer allowed to access the telecom system domain.
  • the SecurityData returned to the PD_UA a from the ADF will contain a NoOfRetries field increased by one.
  • the NoOfRetries field indicates the number of unsuccessful access attempts and is used as contextual information for the next access control service.
  • the PD_UA a will invoke the operation Set(SecurityData) on the User_Registration object to save the updated SecurityData.
  • the PD_UA a will return the appropriate response containing a not_granted status.
  • the AllowedServices containing an updated list of allowed services is returned to the PD_UA a .
  • the PD_UAa will invoke the operation Set(AllowedServices) on the User_Registration object to save the updated AllowedServices.
  • the PD_UA a will return the appropriate response containing a granted status.
  • the user can now request the wanted service and is hence subject to the access control for the requested service.
  • Outgoing services are initiated by the user himself while incoming services are delivered to him by other users or applications.
  • the initiator of the access control service is Usera.
  • the initiator is some other user or application.
  • the target is the requested service.
  • the AEF is assumed by the PD_UA a .
  • the ADF is assumed by the object ADF.
  • the access of the user to the requested service is limited by the information contained in the AllowedService list of the User_Registration object.
  • Another restriction originates from the Usage_Restriction contained in the object Terminal_Data and set by the terminal owner.
  • the terminal owner may allow only one or both of the two service types to be performed on his terminal.
  • the attributes OutBarring and InBarring of the Usage_Restriction is used to specify, respectively, the users who are not allowed to use outgoing services and incoming services on the terminal (or who are allowed).
  • the access control procedure is as follows:
  • the PD_UA a object receives a ServiceReq(ServId) from either the user or an application.
  • the PD_UAaobject invokes a Get(Usage_Restriction) on the TA.
  • the PD_UA a object invokes a Get(AllowedService) on the User_Registration.
  • the PD_UA a object invokes the operation Decision_Request on the ADF object.
  • the arguments of this operation are the ADI obtained from the User_Registration object and the TA.
  • the ADF makes the decision and returns the Access_Result to PD_UA a .
  • the Access_result may be granted or not_granted.
  • the PD_UA a will return the appropriate response to the requester.
  • the access control on the requested service is shown in FIG. 7 .
  • This invention has high level of flexibility in the sense that it can be used in different mobile distributed systems, public or private, local-area or wide-area, wireline or wireless.

Abstract

The present invention relates to an arrangement for improving security in a communications system, especially a telecommunications system, said system comprising distributed hardware and software components which interact in order to provide services to one or more users, and for the object of implementing this improvement this can according to the present invention be done by introducing in said system a generic access control. In a specific embodiment the invention suggests three types of access control especially related to access to the terminal in question, to the telecom system and to the requested services.

Description

This is a continuation of PCT application No. PCT/NO98/00109, filed Apr. 2, 1998, the entire content of which is hereby incorporated by reference in this application.
FIELD OF THE INVENTION
The present invention relates to an arrangement for improving security in a communications system, especially a telecommunications system, said system comprising distributed hardware and software components which interact in order to provide services to one or more users.
More specifically the present invention concerns a user access control for distributed systems that support user mobility, i.e. users are allowed to move and use different terminals to access services.
BACKGROUND OF THE INVENTION
The Access control is the procedure used by the telecom system domain to ensure that the user accesses the telecom system domain in accordance with the restrictions specified at subscription [1]. When mobility is supported, every user will have the possibility to use any terminals at any access points. The access control procedure is also intended to limit the access capability of a user for the protection and privacy of third party. The third party can be the owner of the terminal or the access point, and must have the right to block or deblock, suspend or reset the service delivery at his terminal or access point to a user.
When the user is allowed to move and access to the telecommunication services anywhere and at any time, the risk of threats increases dramatically at the same time as the mechanisms necessary to enforce security become more difficult to realise. In systems supporting general mobility, fraudulent use of anyone's subscription can be attempted from any terminal and at any network access point. In this way the user may be exposed to various forms of fraud as, for example, fraudulent use of the user's resources by unauthorised parties who manage to take up the identity of the user, eavesdropping, unauthorised tapping or modification of information exchanged during communication, and disclosure of the user's physical location [4]. Another security problem arises because the user is allowed to use any terminal and at any network access point. Such a temporary usage may conflict with the use of the terminal by the terminal owners, also referred to as third parties [6]. In principle, third parties should not suffer in terms of loss of privacy or freedom of actions as a result of activities by the mobile user.
STATE OF THE ART
With mobility, users may make use of any existing and available terminals and network access points. However, this does not mean that the terminal owner (the third party) has to accept such actions on his terminal. He must have the rights to restrict the usage of the terminal, e.g. only allowing certain users while others are prohibited from using the terminal.
This may be done in many ways, e.g. by keeping the terminal in a secured place, use local password, etc., but such measures are cumbersome for the owner and often not secure enough. This is commonly referred as the protection of third parties.
The UPT (Universal Personal Telecommunication) [4] system comprises some sort of access control mechanisms but they are limited to telephony services and to voice terminals or telephone.
Consequently, there is a need for an improved user access control for distributed systems supporting user mobility.
OBJECTS OF THE INVENTION
The present invention has for an objective to address any mobile distributed system, any types of applications, i.e. voice, data, image, video, interactive, multimedia, etc., for in such mobile distributed systems to introduce an improved access control.
A further object of the present invention is to introduce a generic access control in such distributed systems.
Still another object of the present invention is to introduce such a generic access control for distributed systems supporting user mobility which can be used in mobile distributed systems comprising public or private, local-area or wide-area, wireline or wireless networks.
BRIEF DISCLOSURE OF THE INVENTION
The above objects are achieved in an arrangement as stated in the preamble, which primarily is characterised by introducing in said system a user access control, for thereby enforcing security in communications systems.
In other words, the invention also suggests that this type of generic access control is related to personal mobility.
Further features and advantages of the present invention will appear from the following description taken in conjunction with the enclosed drawings, as well as from the appending patent claims.
BRIEF DISCLOSURE OF THE DRAWINGS
FIG. 1 is a schematic diagram illustrating the main subject matter to which the present invention is related, namely by illustrating a user's access to the services in question.
FIG. 2 is a schematic diagram illustrating an embodiment of the present invention for carrying out access control, especially in relation to a information object Term_Profile.
FIG. 3 is a schematic diagram illustrating an embodiment of a Terminal_Data object.
FIG. 4 illustrates a computational model of the access control of a user for use of a terminal.
FIG. 5 is a schematic diagram illustrating a user_registration object containing a list of allowed services.
FIG. 6 is a schematic diagram illustrating the relation between user domain, terminal domain and telecom system domain as well as an embodiment of access control on the access to the telecom system.
FIG. 7 is a block diagram illustrating the relation between user domain, terminal domain and telecom system domain, as well as an embodiment of access control on the axis to the telecom system.
DETAILED DESCRIPTION OF EMBODIMENT
As stated previously, the present invention relates to user access control for distributed systems that support user mobility which means that the users are allowed to move and use different terminals to access services available to them.
In FIG. 1 there is illustrated a user which has access to a terminal which in turn is communicating with a telecom system which in turn is offering a plurality of services.
Before allowing the user to access the services offered by the telecom system domain, he is subject to three types of access control
access control concerning the use of the current terminal (protection of third party)
access control concerning the access to the telecom system
access control concerning the use of the service requested
Solution
We shall successively describe the three mentioned access controls.
Access Control for Use of the Current Terminal
With mobility, users may make use of any existing and available terminals and network access points. However, this does not mean that the terminal owner (the third party) has to accept such actions on his terminal. He must have the rights to restrict the usage of the terminal, e.g. only allowing certain users while other are prohibited from using the terminal. Of course, there are many ways to do this locally, e.g. keep the terminal in a secure place, use local password, etc. but they are cumbersome for the owner and often not secure enough. This is commonly referred as the protection of third parties [2].
Let us suppose that the mobile distributed system uses agent techniques to support mobility and has the following objects:
PD_UA (ProviderDomain_UserAgent) representing a user in the telecom system domain.
TA (TerminalAgent) representing a terminal in the telecom system do main
SPA (ServiceProvider Agent) representing the telecom system in the terminal domain
NAP representing a Network Access Point
TAP representing a Terminal Access Point
The information required for to carrying out the access control is contained in the Usage_Restriction component of the object Term_Profile (see FIG. 2) which contains information about the terminal. The attribute All_Barring is used to specify that only the terminal owner can use the terminal. The terminal owner may also prevent a particular user or group of users from using his terminal by specifying the attribute Barring_List or to allow only certain user by specifying an Allowance_List. Modification of the Usage_restriction may be provided as an application where only the owner has the right to make access. The details of such an application and the specific layout of the Usage_Restriction is a matter of implementation and will not be carried further here.
In order to support selective access control of the terminal, the object Terminal_Data which contains information required for the support terminal mobility such as state, NAPid, etc. may be equipped with a table of controlled and cleared users, called ClearedUserTable, as shown in FIG. 3. The ClearedUserTable contains the references or CIIs (Computational Interface Identifier) of the PD_UAs whose access have been controlled.
The TA assumes the Access control Enforcement Function (AEF). The Access control Decision Function is allocated to an object called ADF. The access control Procedure for use of the terminal is shown in FIG. 4.
1. Every time an operation OpX arrives at the TA, the TA will check whether the identifier of the originating or addressed PD_UA is on the ClearedUserTable or not. If it is, TA will do the transfer of OpX If it is not, TA will initiate the access control Procedure.
2. TA invokes Get(Usage_Restriction) on Term_Profile to acquire the access control Decision Information (ADI).
3. The TA invokes the operation Decision_Request on the ADF object. The arguments of this operation are the ADI obtained from the Term_Profile. The ADF makes the decision and returns the Access_Result to TA. The Access_result may be granted or not_granted. If the Access_Result is not_granted, TA returns an error message to the originator of the operation.
4. If the Access_Result is granted, TA invokes the operation Update(CleareduserTable,PD_UARef) on Terminal_Data to register the PD_UA of the newly cleared user.
One way of removing entries from ClearedUserTable, i.e the identifier (reference) of a PD_UA, is to restart a timer each time that entry is accessed. If the timer times out, the entry is removed. Some entries may be permanent, i.e. they are not associated with a timer.
This type of access control is only intended to other users than the terminal owner himself. In fact, the terminal owner should never be prevented to use his terminal. The access to the telecom system domain and the access to the services are different types of access controls which are applicable to all the users including the terminal owner.
In the object Usage_Restriction it is therefore necessary to define an additional attribute called NoRestr_List containing the PD_UA identifiers of the users who are by default allowed to use the terminal. The identifier of the terminal owner's PD_UA is one of them. This list must not be accessible to anyone but the telecom system domain operator itself, i.e. even not to the terminal owner. However, it may be possible to define an “emergency user”, i.e. every call to an emergency number will be effectual without being checked by the access control service.
Access Control for Access to the Telecom System Domain
If the user is allowed to use the terminal, it does not necessarily mean that he is allowed to access the telecom system domain. He may be located outside the roaming area; his credit with the operator may have run out; the authentication mechanism used to authenticate him may also be too weak and he is allowed to access a limited set of services. The list of allowed services for a user at a terminal is hence equal to or smaller than the list of subscribed services. This list is a column in the User_Registration object in FIG. 5.
The initiator of the access control service is Usera. The target is the telecom system domain. The AEF is assumed by the PD_UAa. The ADF is assumed by the object ADF. The access of the user to the telecom system domain may be limited by some parameters such as Roaming_Restriction, Credit_Limit, Time_Restriction, etc. which are contained in the Service_Restriction attribute of the User_Profile object. The Service_Restriction attribute contains also a list of subscribed services. The use of the services in this list may be conditioned by the strength of the method used to authenticate the user, the location of the terminal, the call destination, etc. The Service_Restriction attribute may thus be quite complex.
A computational model of the access control service for access to the telecom system domain is shown in FIG. 6. The access control procedure is as follows:
1. The PD_UAa object invokes a Get(Service_Restriction) on the User_Profile to acquire the access control Decision Information (ADI).
2. The PD_UAa object invokes a Get(SecurityData) on the User_Registration object to acquire the contextual information (result from the authentication service).
3. The PD_UAa object invokes the operation Decision_Request on the ADF object. The arguments of this operation are the ADI obtained from User_Profile and the contextual information obtained from User_Registration.
The ADF may use the access control services offered by the platform or a security system to obtain further contextual information such as time, system status, etc. and the access control policy rules. The ADF makes the decision and returns the Access_Result to PD_UAa together with SecurityData and AllowedServices.
The Access_result may be granted, not_granted or suspended. If the Access_Result is Suspended, depending on the access control Policy the terminal will be, temporarily or permanently no longer allowed to access the telecom system domain.
If the Access_Result is not_granted, the SecurityData returned to the PD_UAa from the ADF will contain a NoOfRetries field increased by one. The NoOfRetries field indicates the number of unsuccessful access attempts and is used as contextual information for the next access control service. The PD_UAa will invoke the operation Set(SecurityData) on the User_Registration object to save the updated SecurityData. Depending on the operation which initiated the access control procedure, the PD_UAa will return the appropriate response containing a not_granted status.
When the Access_Result is granted, the AllowedServices containing an updated list of allowed services is returned to the PD_UAa. The PD_UAa will invoke the operation Set(AllowedServices) on the User_Registration object to save the updated AllowedServices. Depending on the operation which initiated the access control procedure, the PD_UAa will return the appropriate response containing a granted status.
The user can now request the wanted service and is hence subject to the access control for the requested service.
Access Control for the Requested Service
There are two types of services, outgoing and incoming. Outgoing services are initiated by the user himself while incoming services are delivered to him by other users or applications.
For outgoing services, the initiator of the access control service is Usera. For incoming services the initiator is some other user or application. The target is the requested service. The AEF is assumed by the PD_UAa. The ADF is assumed by the object ADF. The access of the user to the requested service is limited by the information contained in the AllowedService list of the User_Registration object. Another restriction originates from the Usage_Restriction contained in the object Terminal_Data and set by the terminal owner. The terminal owner may allow only one or both of the two service types to be performed on his terminal. The attributes OutBarring and InBarring of the Usage_Restriction is used to specify, respectively, the users who are not allowed to use outgoing services and incoming services on the terminal (or who are allowed).
The access control procedure is as follows:
1. The PD_UAa object receives a ServiceReq(ServId) from either the user or an application.
3. The PD_UAaobject invokes a Get(Usage_Restriction) on the TA.
3. The PD_UAa object invokes a Get(AllowedService) on the User_Registration.
2. The PD_UAa object invokes the operation Decision_Request on the ADF object. The arguments of this operation are the ADI obtained from the User_Registration object and the TA.
The ADF makes the decision and returns the Access_Result to PD_UAa. The Access_result may be granted or not_granted. Depending on the operation which initiated the access control procedure, the PD_UAa will return the appropriate response to the requester. The access control on the requested service is shown in FIG. 7.
MERITS OF THE INVENTION
This invention has high level of flexibility in the sense that it can be used in different mobile distributed systems, public or private, local-area or wide-area, wireline or wireless.
It is a complete access control in the sense that it contains all the three types of access control.
Important features of the invention may be listed as follows.

Claims (7)

What is claimed is:
1. An arrangement for improving security in a communications system including distributed hardware and software components which interact in order to provide services to one or more users, the arrangement comprising:
an access control system or function relating to personal mobility provided in said communications system for enforcing security;
wherein said access control system or function subjects a user to at least the following types of access control which are carried out in the following order: a) access control to a terminal verifying that the user is authorized to use the terminal, b) access control to a telecom system related to said communications system for checking whether the user is authorized to access the telecom system so as to enable prevention of the user from accessing the telecom system if the user is not authorized to do so, and c) access control to a requested service for checking whether the user is authorized to use the specific requested service;
wherein the user can thus move between and user different terminals, and the user can subscribe to and services in addition to a voice communication service; and
wherein said access controls a) through c) are carried out before the user is allowed access to the requested service provided by the communications system.
2. Arrangement as claimed in claim 1, wherein said access control system is introduced in any Open Distributed Processing (ODP) system and/or any common Request Broker Architecture (CORBA) system.
3. Arrangement as claimed in claim 1, wherein the information required for carrying out said access controls is contained in a Usage Restriction component of a Term Profile object containing information about a terminal in question.
4. Arrangement as claimed in claim 3, further comprising a Terminal data object containing information required or supporting terminal mobility, said object also comprising a table of controlled and cleared users.
5. Arrangement as claimed in claim 4, wherein said Term Profile object and said Terminal Data object are found in the telecom system domain, and are controlled by agent techniques comprising a Terminal Agent (TA).
6. Arrangement as claimed in claim 3, wherein in the telecom system domain there is provided one or more timers which are restarted each time an entry is accessed, the setting of a timer deciding the maintenance of said entry, and wherein entries not associated with a timer are regarded as permanent entries.
7. A method of improving security in a communications system including distributed hardware and software components which interact in order to provide services to one or more users, the method comprising:
providing an access control system or function relating to personal mobility in the communications system for enforcing security;
said access control system or function performing the following access controls on a user in the following order: a) access control to a terminal verifying that the user is authorized to use the terminal, b) access control to a telecom system related to said communications system checking whether the user is authorized to access the telecom system and preventing the user from accessing the telecom system if the user is not authorized to do so, and c) access control to a requested service checking whether the user is authorized to use the requested service; and
performing said access controls a) through c) and if the user passes said access controls a) through c) then allowing the user access to the requested service provided by the communications system.
US09/413,219 1997-04-08 1999-10-05 Arrangement for improving security in a communication system supporting user mobility Expired - Lifetime US6233446B1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
NO971605A NO971605L (en) 1997-04-08 1997-04-08 Device for improving accessibility of services in a communication system
NO971605 1997-04-08
PCT/NO1998/000109 WO1998045982A2 (en) 1997-04-08 1998-04-02 Arrangement for improving security in a communication system supporting user mobility

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO1998/000109 Continuation WO1998045982A2 (en) 1997-04-08 1998-04-02 Arrangement for improving security in a communication system supporting user mobility

Publications (1)

Publication Number Publication Date
US6233446B1 true US6233446B1 (en) 2001-05-15

Family

ID=19900586

Family Applications (7)

Application Number Title Priority Date Filing Date
US09/413,219 Expired - Lifetime US6233446B1 (en) 1997-04-08 1999-10-05 Arrangement for improving security in a communication system supporting user mobility
US09/413,218 Expired - Lifetime US6275709B1 (en) 1997-04-08 1999-10-05 Arrangement for improving availability of services in a communication system
US09/412,334 Expired - Lifetime US6964050B1 (en) 1997-04-08 1999-10-05 Arrangement for simplifying the design and implementation of mobile services in a communication system
US09/413,217 Expired - Lifetime US6389037B1 (en) 1997-04-08 1999-10-05 Arrangement for improving the architecture of mobile communication systems
US09/413,215 Expired - Lifetime US6336130B1 (en) 1997-04-08 1999-10-05 Arrangement for improving availability of services in a communication system
US09/413,216 Expired - Lifetime US6332081B1 (en) 1997-04-08 1999-10-05 Arrangement for improving availability of services in a communication system
US09/412,335 Expired - Lifetime US6490613B1 (en) 1997-04-08 1999-10-05 Arrangement for extending service support in a communication system

Family Applications After (6)

Application Number Title Priority Date Filing Date
US09/413,218 Expired - Lifetime US6275709B1 (en) 1997-04-08 1999-10-05 Arrangement for improving availability of services in a communication system
US09/412,334 Expired - Lifetime US6964050B1 (en) 1997-04-08 1999-10-05 Arrangement for simplifying the design and implementation of mobile services in a communication system
US09/413,217 Expired - Lifetime US6389037B1 (en) 1997-04-08 1999-10-05 Arrangement for improving the architecture of mobile communication systems
US09/413,215 Expired - Lifetime US6336130B1 (en) 1997-04-08 1999-10-05 Arrangement for improving availability of services in a communication system
US09/413,216 Expired - Lifetime US6332081B1 (en) 1997-04-08 1999-10-05 Arrangement for improving availability of services in a communication system
US09/412,335 Expired - Lifetime US6490613B1 (en) 1997-04-08 1999-10-05 Arrangement for extending service support in a communication system

Country Status (7)

Country Link
US (7) US6233446B1 (en)
EP (7) EP0974233B1 (en)
JP (7) JP2001521690A (en)
AU (7) AU6857498A (en)
DE (2) DE69841308D1 (en)
NO (1) NO971605L (en)
WO (7) WO1998046036A1 (en)

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490613B1 (en) 1997-04-08 2002-12-03 Telefonaktiebolaget Lm Ericsson (Publ) Arrangement for extending service support in a communication system
US20040023640A1 (en) * 2002-08-02 2004-02-05 Ballai Philip N. System and method for detection of a rogue wireless access point in a wireless communication network
WO2004017592A1 (en) * 2002-08-19 2004-02-26 Research In Motion Limited System and method for secure control of resources of wireless mobile communication device
US20040205004A1 (en) * 2000-02-22 2004-10-14 Paramvir Bahl Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet
US20040215956A1 (en) * 2000-02-22 2004-10-28 Microsoft Corporation Methods and systems for accessing networks, methods and systems for accessing the internet
US20040249927A1 (en) * 2000-07-17 2004-12-09 David Pezutti Intelligent network providing network access services (INP-NAS)
WO2004109535A1 (en) * 2003-06-05 2004-12-16 Ipass Inc. Method and system of providing access point data associated with a network access point
US20050021781A1 (en) * 2003-06-05 2005-01-27 Singam Sunder Method and system of providing access point data associated with a network access point
US20090150525A1 (en) * 2004-04-08 2009-06-11 Ipass, Inc. Method and system for verifying and updating the configuration of an access device during authentication
US8255569B1 (en) 2000-02-22 2012-08-28 Microsoft Corporation Methods and systems for compressing data packets
US8626139B2 (en) 2002-11-08 2014-01-07 Blackberry Limited System and method of connection control for wireless mobile communication devices
USRE44746E1 (en) 2004-04-30 2014-02-04 Blackberry Limited System and method for handling data transfers
US8656016B1 (en) 2012-10-24 2014-02-18 Blackberry Limited Managing application execution and data access on a device
US8799227B2 (en) 2011-11-11 2014-08-05 Blackberry Limited Presenting metadata from multiple perimeters
US8893219B2 (en) 2012-02-17 2014-11-18 Blackberry Limited Certificate management method based on connectivity and policy
US8931045B2 (en) 2012-02-16 2015-01-06 Blackberry Limited Method and apparatus for management of multiple grouped resources on device
US8972762B2 (en) 2012-07-11 2015-03-03 Blackberry Limited Computing devices and methods for resetting inactivity timers on computing devices
US9047451B2 (en) 2010-09-24 2015-06-02 Blackberry Limited Method and apparatus for differentiated access control
US9075955B2 (en) 2012-10-24 2015-07-07 Blackberry Limited Managing permission settings applied to applications
US9077622B2 (en) 2012-02-16 2015-07-07 Blackberry Limited Method and apparatus for automatic VPN login on interface selection
US9137668B2 (en) 2004-02-26 2015-09-15 Blackberry Limited Computing device with environment aware features
US9147085B2 (en) 2010-09-24 2015-09-29 Blackberry Limited Method for establishing a plurality of modes of operation on a mobile device
US9161226B2 (en) 2011-10-17 2015-10-13 Blackberry Limited Associating services to perimeters
US9225727B2 (en) 2010-11-15 2015-12-29 Blackberry Limited Data source based application sandboxing
US9262604B2 (en) 2012-02-01 2016-02-16 Blackberry Limited Method and system for locking an electronic device
US9282099B2 (en) 2005-06-29 2016-03-08 Blackberry Limited System and method for privilege management and revocation
US9306948B2 (en) 2012-02-16 2016-04-05 Blackberry Limited Method and apparatus for separation of connection data by perimeter type
US9369466B2 (en) 2012-06-21 2016-06-14 Blackberry Limited Managing use of network resources
US9378394B2 (en) 2010-09-24 2016-06-28 Blackberry Limited Method and apparatus for differentiated access control
US9386451B2 (en) 2013-01-29 2016-07-05 Blackberry Limited Managing application access to certificates and keys
US9426145B2 (en) 2012-02-17 2016-08-23 Blackberry Limited Designation of classes for certificates and keys
US9497220B2 (en) 2011-10-17 2016-11-15 Blackberry Limited Dynamically generating perimeters
US9698975B2 (en) 2012-02-15 2017-07-04 Blackberry Limited Key management on device for perimeters
US9967055B2 (en) 2011-08-08 2018-05-08 Blackberry Limited System and method to increase link adaptation performance with multi-level feedback
US10848520B2 (en) 2011-11-10 2020-11-24 Blackberry Limited Managing access to resources

Families Citing this family (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0964588A2 (en) * 1998-06-12 1999-12-15 Alcatel A communications network system with discrete terminal mobility and remote user registration
CA2290221A1 (en) * 1998-11-23 2000-05-23 Siemens Information And Communication Networks, Inc. An intelligent telecommunications management network (tmn)
US6742037B1 (en) * 1998-12-01 2004-05-25 Nortel Networks Limited Method and apparatus for dynamic information transfer from a mobile target to a fixed target that tracks their relative movement and synchronizes data between them
US6564261B1 (en) * 1999-05-10 2003-05-13 Telefonaktiebolaget Lm Ericsson (Publ) Distributed system to intelligently establish sessions between anonymous users over various networks
NO992605L (en) 1999-05-31 2000-12-01 Ericsson Telefon Ab L M Support for telecommunication system mobility
US7079499B1 (en) 1999-09-08 2006-07-18 Nortel Networks Limited Internet protocol mobility architecture framework
WO2001019050A2 (en) * 1999-09-08 2001-03-15 Nortel Networks Limited Internet protocol mobility architecture framework
US6769000B1 (en) 1999-09-08 2004-07-27 Nortel Networks Limited Unified directory services architecture for an IP mobility architecture framework
EP1091599A1 (en) * 1999-10-08 2001-04-11 Alcatel Method for accessing a service platform such as TINA via an internet browser session
JP3545666B2 (en) * 2000-02-14 2004-07-21 株式会社東芝 Service providing system for mobile terminals
FI112757B (en) 2000-05-19 2003-12-31 Nokia Corp Method and apparatus for data communication
US20020095502A1 (en) * 2001-01-16 2002-07-18 Chester James S. Business-to-business service provider system for intranet and internet applications
US6996372B2 (en) * 2001-09-06 2006-02-07 Hughes Electronics Corporation Mobility management-radio resource layer interface system and method for handling dark beam scenarios
US6779934B2 (en) * 2001-10-25 2004-08-24 Hewlett-Packard Development Company, L.P. Printer having a spell checking feature
EP2211520A3 (en) 2002-02-14 2010-11-10 Avaya Inc. Presence and availability tracking
US7988398B2 (en) * 2002-07-22 2011-08-02 Brooks Automation, Inc. Linear substrate transport apparatus
US7023980B2 (en) 2002-12-04 2006-04-04 Avaya Technology Corp. Outbound dialing decision criteria based
US7474741B2 (en) 2003-01-20 2009-01-06 Avaya Inc. Messaging advise in presence-aware networks
CN100428710C (en) * 2003-03-13 2008-10-22 华为技术有限公司 Network mutual access controlling method
US6931024B2 (en) * 2003-05-07 2005-08-16 Qwest Communications International Inc. Systems and methods for providing pooled access in a telecommunications network
US7099307B2 (en) * 2003-05-07 2006-08-29 Qwest Communications International Inc. Automated cross-box and methods for using an automated cross-box
GB0312009D0 (en) * 2003-05-24 2003-07-02 Univ Strathclyde Management and control of telecommunication services delivery
US8094804B2 (en) 2003-09-26 2012-01-10 Avaya Inc. Method and apparatus for assessing the status of work waiting for service
DE10351961B4 (en) * 2003-11-07 2008-01-10 Siemens Ag Method for transmitting encrypted user data objects
US9398152B2 (en) 2004-02-25 2016-07-19 Avaya Inc. Using business rules for determining presence
US7953859B1 (en) 2004-03-31 2011-05-31 Avaya Inc. Data model of participation in multi-channel and multi-party contacts
US7734032B1 (en) 2004-03-31 2010-06-08 Avaya Inc. Contact center and method for tracking and acting on one and done customer contacts
US8000989B1 (en) 2004-03-31 2011-08-16 Avaya Inc. Using true value in routing work items to resources
US7769154B1 (en) 2004-06-09 2010-08-03 Avaya Inc. Aggregated perceived presence
US7983148B1 (en) 2004-07-12 2011-07-19 Avaya Inc. Disaster recovery via alternative terminals and partitioned networks
US8738412B2 (en) 2004-07-13 2014-05-27 Avaya Inc. Method and apparatus for supporting individualized selection rules for resource allocation
US7949121B1 (en) 2004-09-27 2011-05-24 Avaya Inc. Method and apparatus for the simultaneous delivery of multiple contacts to an agent
US8234141B1 (en) 2004-09-27 2012-07-31 Avaya Inc. Dynamic work assignment strategies based on multiple aspects of agent proficiency
US7809127B2 (en) 2005-05-26 2010-10-05 Avaya Inc. Method for discovering problem agent behaviors
US20060291481A1 (en) * 2005-06-27 2006-12-28 Matsushita Electric Industrial Co., Ltd. Application session resumption in mobile environments
US7779042B1 (en) 2005-08-08 2010-08-17 Avaya Inc. Deferred control of surrogate key generation in a distributed processing architecture
US7822587B1 (en) 2005-10-03 2010-10-26 Avaya Inc. Hybrid database architecture for both maintaining and relaxing type 2 data entity behavior
US7752230B2 (en) 2005-10-06 2010-07-06 Avaya Inc. Data extensibility using external database tables
US7787609B1 (en) 2005-10-06 2010-08-31 Avaya Inc. Prioritized service delivery based on presence and availability of interruptible enterprise resources with skills
US8737173B2 (en) 2006-02-24 2014-05-27 Avaya Inc. Date and time dimensions for contact center reporting in arbitrary international time zones
US20070271079A1 (en) * 2006-05-17 2007-11-22 Kentaro Oguchi Simulator for Vehicle Radio Propagation Including Shadowing Effects
US8842818B2 (en) 2006-06-30 2014-09-23 Avaya Inc. IP telephony architecture including information storage and retrieval system to track fluency
US7936867B1 (en) 2006-08-15 2011-05-03 Avaya Inc. Multi-service request within a contact center
US8391463B1 (en) 2006-09-01 2013-03-05 Avaya Inc. Method and apparatus for identifying related contacts
US8811597B1 (en) 2006-09-07 2014-08-19 Avaya Inc. Contact center performance prediction
US8938063B1 (en) 2006-09-07 2015-01-20 Avaya Inc. Contact center service monitoring and correcting
US7573996B1 (en) 2006-10-03 2009-08-11 Avaya Inc. Presence based callback
US8150003B1 (en) 2007-01-23 2012-04-03 Avaya Inc. Caller initiated undivert from voicemail
US10671600B1 (en) 2007-07-24 2020-06-02 Avaya Inc. Communications-enabled dynamic social network routing utilizing presence
US8504534B1 (en) 2007-09-26 2013-08-06 Avaya Inc. Database structures and administration techniques for generalized localization of database items
US8856182B2 (en) 2008-01-25 2014-10-07 Avaya Inc. Report database dependency tracing through business intelligence metadata
US8301581B2 (en) 2009-09-24 2012-10-30 Avaya Inc. Group compositing algorithms for presence
US8565386B2 (en) 2009-09-29 2013-10-22 Avaya Inc. Automatic configuration of soft phones that are usable in conjunction with special-purpose endpoints
US9516069B2 (en) 2009-11-17 2016-12-06 Avaya Inc. Packet headers as a trigger for automatic activation of special-purpose softphone applications

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5291479A (en) 1991-07-16 1994-03-01 Digital Technics, Inc. Modular user programmable telecommunications system with distributed processing
EP0684741A1 (en) 1994-05-04 1995-11-29 Gpt Limited Connectionless information service delivery
WO1995035611A2 (en) 1994-06-13 1995-12-28 Telefonaktiebolaget Lm Ericsson A resource model and architecture for a connection handling system
US5509053A (en) 1994-09-14 1996-04-16 Motorola, Inc. Method and apparatus for routing a call to a mobile communication unit in a telepoint communication system
WO1996025012A1 (en) 1995-02-07 1996-08-15 British Telecommunications Public Limited Company Information services provision and management
US5572528A (en) 1995-03-20 1996-11-05 Novell, Inc. Mobile networking method and apparatus
US5608447A (en) 1994-05-27 1997-03-04 Bell Atlantic Full service network
US5615351A (en) 1995-07-07 1997-03-25 Bell Communications Research, Inc. Method and system for correlating usage data in a distributed architecture
US5765108A (en) * 1991-07-31 1998-06-09 Telstra Corporation Limited Telecommunications system
US5825759A (en) * 1994-10-26 1998-10-20 Telefonaktiebolaget Lm Ericsson Distributing network services and resources in a mobile communications network
USH1837H (en) * 1997-09-26 2000-02-01 Fletcher; Anthony G. Generic telecommunications system and associated call processing architecture
US6052589A (en) * 1997-02-19 2000-04-18 Telefonaktiebolaget Lm Ericsson Method and arrangement relating to telecommunications systems
US6073010A (en) * 1995-04-28 2000-06-06 Telefonaktiebolaget Lm Ericsson (Publ) System and method for restricting mobility of subscribers assigned to fixed subscription areas in a cellular telecommunications network

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0442645A (en) * 1990-06-08 1992-02-13 Oki Electric Ind Co Ltd Method and circuit for both speech information remote registration and registration speech information transmission and automobile telephone circuit device
FR2679348B1 (en) * 1991-07-16 1993-10-08 Alcatel Cit SOFTWARE STRUCTURE FOR INFORMATION PROCESSING SYSTEM.
SG43752A1 (en) * 1993-01-21 1997-11-14 At & T Corp Directory structure for large scale telecommunications network allowing location of roaming mobile subcribers
CA2088420C (en) * 1993-01-29 1996-10-08 Deborah L. Pinard Method of establishing communication link to one of multiple devices associated with single telephone number
US5517677A (en) * 1993-05-13 1996-05-14 Uniden America Corporation Adaptive weighting of a scanning sequence
NL9301492A (en) * 1993-08-31 1995-03-16 Nederland Ptt System for mobile communication in overlapping communication domains.
US5764730A (en) * 1994-10-05 1998-06-09 Motorola Radiotelephone having a plurality of subscriber identities and method for operating the same
US5659544A (en) * 1994-10-17 1997-08-19 Lucent Technologies Inc. Method and system for distributed control in wireless cellular and personal communication systems
FR2733960B1 (en) 1995-05-11 1997-06-27 Sub Pratique SELF-CONTAINED DIVE BREATHING APPARATUS WITH MIDDLE PRESSURE CONNECTIONS WHICH CAN BE CONNECTED AND DISCONNECTED IN DIVING, AND METHOD OF USING THE SAME
GB2301734B (en) * 1995-05-31 1999-10-20 Motorola Ltd Communications system and method of operation
US5701451A (en) * 1995-06-07 1997-12-23 International Business Machines Corporation Method for fulfilling requests of a web browser
CA2179337C (en) * 1995-08-22 2000-11-14 Thomas F. Laporta Network-based migrating user agents for personal communication services
US5657390A (en) * 1995-08-25 1997-08-12 Netscape Communications Corporation Secure socket layer application program apparatus and method
US5841764A (en) * 1995-10-30 1998-11-24 Ericsson Inc. Method and apparatus for permitting a radio to originate and receive data messages in a data communications network
JP3282652B2 (en) * 1996-02-19 2002-05-20 日本電気株式会社 OSI multi-layer management system
US5956637A (en) * 1996-02-20 1999-09-21 Telefonaktiebolaget L M Ericsson (Publ) Subscriber database management in a mobile telecommunications system
US6021331A (en) * 1996-02-22 2000-02-01 Alcatel Usa Sourcing, L.P. Control system for a telecommunications system
US5890064A (en) * 1996-03-13 1999-03-30 Telefonaktiebolaget L M Ericsson (Publ) Mobile telecommunications network having integrated wireless office system
US5915225A (en) * 1996-03-28 1999-06-22 Ericsson Inc. Remotely retrieving SIM stored data over a connection-less communications link
US5914668A (en) * 1996-08-30 1999-06-22 Lucent Technologies Inc. Wireless terminal controlled mobility operational parameters
US5850444A (en) * 1996-09-09 1998-12-15 Telefonaktienbolaget L/M Ericsson (Publ) Method and apparatus for encrypting radio traffic in a telecommunications network
US5978672A (en) * 1996-09-27 1999-11-02 Global Mobility Systems, Inc. Mobility extended telephone application programming interface and method of use
EP0852448A1 (en) * 1997-01-02 1998-07-08 Nokia Mobile Phones Ltd. User terminal for mobile communications
US5974331A (en) * 1997-04-04 1999-10-26 U S West, Inc. Method and system for dynamically assigning features and users to wireline interfaces
NO971605L (en) 1997-04-08 1998-10-09 Ericsson Telefon Ab L M Device for improving accessibility of services in a communication system
US5937345A (en) * 1997-05-02 1999-08-10 Nortel Networks Corporation Method and apparatus for intercepting calls in a communications system
US6076099A (en) * 1997-09-09 2000-06-13 Chen; Thomas C. H. Method for configurable intelligent-agent-based wireless communication system
GB2332288A (en) * 1997-12-10 1999-06-16 Northern Telecom Ltd agent enabling technology

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5291479A (en) 1991-07-16 1994-03-01 Digital Technics, Inc. Modular user programmable telecommunications system with distributed processing
US5765108A (en) * 1991-07-31 1998-06-09 Telstra Corporation Limited Telecommunications system
EP0684741A1 (en) 1994-05-04 1995-11-29 Gpt Limited Connectionless information service delivery
US5608447A (en) 1994-05-27 1997-03-04 Bell Atlantic Full service network
WO1995035611A2 (en) 1994-06-13 1995-12-28 Telefonaktiebolaget Lm Ericsson A resource model and architecture for a connection handling system
US5509053A (en) 1994-09-14 1996-04-16 Motorola, Inc. Method and apparatus for routing a call to a mobile communication unit in a telepoint communication system
US5825759A (en) * 1994-10-26 1998-10-20 Telefonaktiebolaget Lm Ericsson Distributing network services and resources in a mobile communications network
WO1996025012A1 (en) 1995-02-07 1996-08-15 British Telecommunications Public Limited Company Information services provision and management
US5572528A (en) 1995-03-20 1996-11-05 Novell, Inc. Mobile networking method and apparatus
US6073010A (en) * 1995-04-28 2000-06-06 Telefonaktiebolaget Lm Ericsson (Publ) System and method for restricting mobility of subscribers assigned to fixed subscription areas in a cellular telecommunications network
US5615351A (en) 1995-07-07 1997-03-25 Bell Communications Research, Inc. Method and system for correlating usage data in a distributed architecture
US6052589A (en) * 1997-02-19 2000-04-18 Telefonaktiebolaget Lm Ericsson Method and arrangement relating to telecommunications systems
USH1837H (en) * 1997-09-26 2000-02-01 Fletcher; Anthony G. Generic telecommunications system and associated call processing architecture

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
IEEE 46th Vehicular Technology Conference, Apr. 28-May 1, 1996, Atlanta, Georgia, pp. 1825-1829, van Thanh et al., "Making Mobility Transparent to the Applications".
IEEE Communication Magazaine, vol. 36, No. 3, Mar. 1998, France, Juan Pavón et al., pp. 72-79, "COBRA for Network and Service Management in the TINA Framework".
International Conference on Network Protocols, Nov. 1995, Tokyo, Japan, pp. 296-304, Choong Seon Hong et al., "Service and connection management architecture for distributed multimedia application".
Telektronikk, vol. 90, No. 2, 1994, Norway, pp. 72-79, T. Handegærd, "The TINA Consortium".

Cited By (76)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490613B1 (en) 1997-04-08 2002-12-03 Telefonaktiebolaget Lm Ericsson (Publ) Arrangement for extending service support in a communication system
US20050022001A1 (en) * 2000-02-22 2005-01-27 Microsoft Corporation Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet
US20060168454A1 (en) * 2000-02-22 2006-07-27 Microsoft Corporation Methods and systems for accessing networks, methods and systems for accessing the internet
US20040205004A1 (en) * 2000-02-22 2004-10-14 Paramvir Bahl Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet
US20040215956A1 (en) * 2000-02-22 2004-10-28 Microsoft Corporation Methods and systems for accessing networks, methods and systems for accessing the internet
US7444510B2 (en) 2000-02-22 2008-10-28 Microsoft Corporation Methods and systems for accessing networks, methods and systems for accessing the internet
US8255569B1 (en) 2000-02-22 2012-08-28 Microsoft Corporation Methods and systems for compressing data packets
US7406707B2 (en) 2000-02-22 2008-07-29 Microsoft Corporation Methods and systems for accessing networks methods and systems for accessing the internet
US7548976B2 (en) 2000-02-22 2009-06-16 Microsoft Corporation Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet
US7313237B2 (en) 2000-02-22 2007-12-25 Microsoft Corporation Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet
US7500263B2 (en) * 2000-02-22 2009-03-03 Microsoft Corporation Methods and systems for accessing networks, methods and systems for accessing the Internet
US7444669B1 (en) 2000-05-05 2008-10-28 Microsoft Corporation Methods and systems for providing variable rates of service for accessing networks, methods and systems for accessing the internet
US7496652B2 (en) 2000-07-17 2009-02-24 Teleservices Solutions, Inc. Intelligent network providing network access services (INP-NAS)
US20090238349A1 (en) * 2000-07-17 2009-09-24 Teleservices Solutions, Inc. Intelligent Network Providing Network Access Services (INP-NAS)
US8504729B2 (en) 2000-07-17 2013-08-06 Degage Limited Liability Company Intelligent network providing network access services (INP-NAS)
US20040249927A1 (en) * 2000-07-17 2004-12-09 David Pezutti Intelligent network providing network access services (INP-NAS)
US7068999B2 (en) * 2002-08-02 2006-06-27 Symbol Technologies, Inc. System and method for detection of a rogue wireless access point in a wireless communication network
US20040023640A1 (en) * 2002-08-02 2004-02-05 Ballai Philip N. System and method for detection of a rogue wireless access point in a wireless communication network
US10015168B2 (en) 2002-08-19 2018-07-03 Blackberry Limited System and method for secure control of resources of wireless mobile communication devices
US20050213763A1 (en) * 2002-08-19 2005-09-29 Owen Russell N System and method for secure control of resources of wireless mobile communication devices
US9391992B2 (en) 2002-08-19 2016-07-12 Blackberry Limited System and method for secure control of resources of wireless mobile communication devices
CN1689302B (en) * 2002-08-19 2011-01-19 捷讯研究有限公司 System and method for secure control of resources of wireless mobile communication devices
US9998466B2 (en) 2002-08-19 2018-06-12 Blackberry Limited System and method for secure control of resources of wireless mobile communication devices
US8661531B2 (en) 2002-08-19 2014-02-25 Blackberry Limited System and method for secure control of resources of wireless mobile communication devices
WO2004017592A1 (en) * 2002-08-19 2004-02-26 Research In Motion Limited System and method for secure control of resources of wireless mobile communication device
US8544084B2 (en) 2002-08-19 2013-09-24 Blackberry Limited System and method for secure control of resources of wireless mobile communication devices
US10298584B2 (en) 2002-08-19 2019-05-21 Blackberry Limited System and method for secure control of resources of wireless mobile communication devices
US10999282B2 (en) 2002-08-19 2021-05-04 Blackberry Limited System and method for secure control of resources of wireless mobile communication devices
US8893266B2 (en) 2002-08-19 2014-11-18 Blackberry Limited System and method for secure control of resources of wireless mobile communication devices
US8626139B2 (en) 2002-11-08 2014-01-07 Blackberry Limited System and method of connection control for wireless mobile communication devices
WO2004109535A1 (en) * 2003-06-05 2004-12-16 Ipass Inc. Method and system of providing access point data associated with a network access point
US8606885B2 (en) 2003-06-05 2013-12-10 Ipass Inc. Method and system of providing access point data associated with a network access point
US20050021781A1 (en) * 2003-06-05 2005-01-27 Singam Sunder Method and system of providing access point data associated with a network access point
US9137668B2 (en) 2004-02-26 2015-09-15 Blackberry Limited Computing device with environment aware features
US7958352B2 (en) 2004-04-08 2011-06-07 Ipass Inc. Method and system for verifying and updating the configuration of an access device during authentication
US20090150525A1 (en) * 2004-04-08 2009-06-11 Ipass, Inc. Method and system for verifying and updating the configuration of an access device during authentication
USRE48679E1 (en) 2004-04-30 2021-08-10 Blackberry Limited System and method for handling data transfers
USRE49721E1 (en) 2004-04-30 2023-11-07 Blackberry Limited System and method for handling data transfers
USRE44746E1 (en) 2004-04-30 2014-02-04 Blackberry Limited System and method for handling data transfers
USRE46083E1 (en) 2004-04-30 2016-07-26 Blackberry Limited System and method for handling data transfers
US10515195B2 (en) 2005-06-29 2019-12-24 Blackberry Limited Privilege management and revocation
US9282099B2 (en) 2005-06-29 2016-03-08 Blackberry Limited System and method for privilege management and revocation
US9734308B2 (en) 2005-06-29 2017-08-15 Blackberry Limited Privilege management and revocation
US9531731B2 (en) 2010-09-24 2016-12-27 Blackberry Limited Method for establishing a plurality of modes of operation on a mobile device
US10318764B2 (en) 2010-09-24 2019-06-11 Blackberry Limited Method and apparatus for differentiated access control
US9378394B2 (en) 2010-09-24 2016-06-28 Blackberry Limited Method and apparatus for differentiated access control
US9047451B2 (en) 2010-09-24 2015-06-02 Blackberry Limited Method and apparatus for differentiated access control
US9147085B2 (en) 2010-09-24 2015-09-29 Blackberry Limited Method for establishing a plurality of modes of operation on a mobile device
US9519765B2 (en) 2010-09-24 2016-12-13 Blackberry Limited Method and apparatus for differentiated access control
US9225727B2 (en) 2010-11-15 2015-12-29 Blackberry Limited Data source based application sandboxing
US9967055B2 (en) 2011-08-08 2018-05-08 Blackberry Limited System and method to increase link adaptation performance with multi-level feedback
US9497220B2 (en) 2011-10-17 2016-11-15 Blackberry Limited Dynamically generating perimeters
US10735964B2 (en) 2011-10-17 2020-08-04 Blackberry Limited Associating services to perimeters
US9161226B2 (en) 2011-10-17 2015-10-13 Blackberry Limited Associating services to perimeters
US9402184B2 (en) 2011-10-17 2016-07-26 Blackberry Limited Associating services to perimeters
US10848520B2 (en) 2011-11-10 2020-11-24 Blackberry Limited Managing access to resources
US9720915B2 (en) 2011-11-11 2017-08-01 Blackberry Limited Presenting metadata from multiple perimeters
US8799227B2 (en) 2011-11-11 2014-08-05 Blackberry Limited Presenting metadata from multiple perimeters
US9262604B2 (en) 2012-02-01 2016-02-16 Blackberry Limited Method and system for locking an electronic device
US9698975B2 (en) 2012-02-15 2017-07-04 Blackberry Limited Key management on device for perimeters
US9306948B2 (en) 2012-02-16 2016-04-05 Blackberry Limited Method and apparatus for separation of connection data by perimeter type
US9077622B2 (en) 2012-02-16 2015-07-07 Blackberry Limited Method and apparatus for automatic VPN login on interface selection
US8931045B2 (en) 2012-02-16 2015-01-06 Blackberry Limited Method and apparatus for management of multiple grouped resources on device
US9426145B2 (en) 2012-02-17 2016-08-23 Blackberry Limited Designation of classes for certificates and keys
US8893219B2 (en) 2012-02-17 2014-11-18 Blackberry Limited Certificate management method based on connectivity and policy
US9294470B2 (en) 2012-02-17 2016-03-22 Blackberry Limited Certificate management method based on connectivity and policy
US11032283B2 (en) 2012-06-21 2021-06-08 Blackberry Limited Managing use of network resources
US9369466B2 (en) 2012-06-21 2016-06-14 Blackberry Limited Managing use of network resources
US8972762B2 (en) 2012-07-11 2015-03-03 Blackberry Limited Computing devices and methods for resetting inactivity timers on computing devices
US9423856B2 (en) 2012-07-11 2016-08-23 Blackberry Limited Resetting inactivity timer on computing device
US9075955B2 (en) 2012-10-24 2015-07-07 Blackberry Limited Managing permission settings applied to applications
US9065771B2 (en) 2012-10-24 2015-06-23 Blackberry Limited Managing application execution and data access on a device
US8656016B1 (en) 2012-10-24 2014-02-18 Blackberry Limited Managing application execution and data access on a device
US10460086B2 (en) 2013-01-29 2019-10-29 Blackberry Limited Managing application access to certificates and keys
US9386451B2 (en) 2013-01-29 2016-07-05 Blackberry Limited Managing application access to certificates and keys
US9940447B2 (en) 2013-01-29 2018-04-10 Blackberry Limited Managing application access to certificates and keys

Also Published As

Publication number Publication date
NO971605L (en) 1998-10-09
JP4267708B2 (en) 2009-05-27
WO1998045985A1 (en) 1998-10-15
EP0981876A2 (en) 2000-03-01
US6490613B1 (en) 2002-12-03
DE69837040T2 (en) 2007-06-21
WO1998045988A2 (en) 1998-10-15
EP0981921A1 (en) 2000-03-01
JP2002510440A (en) 2002-04-02
AU6857398A (en) 1998-10-30
AU6857498A (en) 1998-10-30
EP0974233B1 (en) 2007-02-07
NO971605D0 (en) 1997-04-08
EP0974235A2 (en) 2000-01-26
JP2001521688A (en) 2001-11-06
DE69837040D1 (en) 2007-03-22
JP2001521690A (en) 2001-11-06
JP2001519062A (en) 2001-10-16
EP0980629A2 (en) 2000-02-23
EP0981921B1 (en) 2009-11-25
US6389037B1 (en) 2002-05-14
AU6857698A (en) 1998-10-30
WO1998045982A2 (en) 1998-10-15
WO1998045982A3 (en) 1998-12-10
US6332081B1 (en) 2001-12-18
WO1998045987A3 (en) 1999-01-07
DE69841308D1 (en) 2010-01-07
WO1998045988A3 (en) 1998-12-10
WO1998045989A2 (en) 1998-10-15
WO1998045986A3 (en) 1999-01-07
AU6857198A (en) 1998-10-30
WO1998046036A1 (en) 1998-10-15
WO1998045989A3 (en) 1998-12-10
EP0976222A2 (en) 2000-02-02
JP4234210B2 (en) 2009-03-04
JP2001521687A (en) 2001-11-06
EP0974233A2 (en) 2000-01-26
JP2001521689A (en) 2001-11-06
US6275709B1 (en) 2001-08-14
JP2001521686A (en) 2001-11-06
AU6857098A (en) 1998-10-30
WO1998045987A2 (en) 1998-10-15
AU6857298A (en) 1998-10-30
WO1998045986A2 (en) 1998-10-15
AU6857598A (en) 1998-10-30
US6964050B1 (en) 2005-11-08
EP0974214A1 (en) 2000-01-26
US6336130B1 (en) 2002-01-01

Similar Documents

Publication Publication Date Title
US6233446B1 (en) Arrangement for improving security in a communication system supporting user mobility
CA2229922C (en) Cellular communications system
US6324579B1 (en) Personalizing access to the internet via an access network and an internet service provider using an internet subscriber profile
AU765973B2 (en) Internet protocol traffic filter for a mobile radio network
KR100827978B1 (en) Flexible access authorization feature to enable mobile users to access services in 3? wireless networks
EP0976278B1 (en) Preventing misuse of a copied subscriber identity in a mobile communication system
US5678170A (en) Method and apparatus for monitoring and limiting distribution of data
US5577110A (en) Access to capabilities of other telephone stations
JP2001514819A (en) System for processing service data of telecommunication systems
EP0969645B1 (en) A method to provide a service, a service provider realizing such a method and a universal personal telecommunication network including such a service provider
US8804932B2 (en) Protection of services in mobile network against CLI spoofing
US6044269A (en) Method for enhanced control of mobile call delivery
US7496372B1 (en) Accessing numbers outside a closed user group in a mobile communication system
KR20010007291A (en) Server for dialup connection
US20040121759A1 (en) Pre-connection call authentication within a telephony network
JPH11355353A (en) Method for using pair consisting of call number and internet transmission address
JP2007535185A (en) Method for providing authorization for a user during a telephone connection and telecommunication system
CN114697036A (en) Telephone number access method and communication intermediary system
KR20040100154A (en) Special number rejecting system using short message service and method thereof
GB2405286A (en) A telecommunications service access control method

Legal Events

Date Code Title Description
AS Assignment

Owner name: TELEFONAKTIEBOLAGET LM ERICSSON, SWEDEN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DO, THANH VAN;REEL/FRAME:010434/0350

Effective date: 19991014

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

FPAY Fee payment

Year of fee payment: 12